Diffstat (limited to 'docs/content/en/configuration/miscellaneous')
| -rw-r--r-- | docs/content/en/configuration/miscellaneous/server-endpoints-authz.md | 16 |
| -rw-r--r-- | docs/content/en/configuration/miscellaneous/server.md | 30 |
2 files changed, 24 insertions, 22 deletions
diff --git a/docs/content/en/configuration/miscellaneous/server-endpoints-authz.md b/docs/content/en/configuration/miscellaneous/server-endpoints-authz.md index daa4864dc..973bb2cd3 100644 --- a/docs/content/en/configuration/miscellaneous/server-endpoints-authz.md +++ b/docs/content/en/configuration/miscellaneous/server-endpoints-authz.md @@ -1,7 +1,7 @@ --- title: "Server Authz Endpoints" description: "Configuring the Server Authz Endpoint Settings." -lead: "Authelia supports several authorization endpoints on the internal webserver. This section describes how to configure and tune them." +lead: "Authelia supports several authorization endpoints on the internal web server. This section describes how to configure and tune them." date: 2023-01-25T20:36:40+11:00 draft: false images: [] @@ -26,16 +26,22 @@ server: implementation: 'ForwardAuth' authn_strategies: - name: 'HeaderProxyAuthorization' + schemes: + - 'Basic' - name: 'CookieSession' ext-authz: implementation: 'ExtAuthz' authn_strategies: - name: 'HeaderProxyAuthorization' + schemes: + - 'Basic' - name: 'CookieSession' auth-request: implementation: 'AuthRequest' authn_strategies: - name: 'HeaderAuthRequestProxyAuthorization' + schemes: + - 'Basic' - name: 'CookieSession' legacy: implementation: 'Legacy' 
@@ -80,3 +86,11 @@ immediately short-circuit the authentication, otherwise the next strategy in the The name of the strategy. Valid case-sensitive values are `CookieSession`, `HeaderAuthorization`, `HeaderProxyAuthorization`, `HeaderAuthRequestProxyAuthorization`, and `HeaderLegacy`. Read more about the strategies in the [reference guide](../../reference/guides/proxy-authorization.md#authn-strategies). + +#### schemes + +{{< confkey type="list(string)" default="Basic" required="no" >}} + +The list of schemes allowed on this endpoint. Options are `Basic`, and `Bearer`. This option is only applicable to the +`HeaderAuthorization`, `HeaderProxyAuthorization`, and `HeaderAuthRequestProxyAuthorization` strategies and unavailable +with the `legacy` endpoint which only uses `Basic`. diff --git a/docs/content/en/configuration/miscellaneous/server.md b/docs/content/en/configuration/miscellaneous/server.md index 84954d552..0b46d1d00 100644 --- a/docs/content/en/configuration/miscellaneous/server.md +++ b/docs/content/en/configuration/miscellaneous/server.md @@ -1,7 +1,7 @@ --- title: "Server" description: "Configuring the Server Settings." -lead: "Authelia runs an internal webserver. This section describes how to configure and tune this." +lead: "Authelia runs an internal web server. This section describes how to configure and tune this." date: 2022-06-15T17:51:47+10:00 draft: false images: [] @@ -39,19 +39,7 @@ server: endpoints: enable_pprof: false enable_expvars: false - authz: - forward-auth: - implementation: 'ForwardAuth' - authn_strategies: [] - ext-authz: - implementation: 'ExtAuthz' - authn_strategies: [] - auth-request: - implementation: 'AuthRequest' - authn_strategies: [] - legacy: - implementation: 'Legacy' - authn_strategies: [] + authz: {} ## See the dedicated "Server Authz Endpoints" configuration guide. ``` ## Options 
@@ -83,9 +71,9 @@ server: ### asset_path -{{< confkey type="string " required="no" >}} +{{< confkey type="string" required="no" >}} -Authelia by default serves all static assets from an embedded filesystem in the Go binary. +Authelia by default serves all static assets from an embedded file system in the Go binary. Modifying this setting will allow you to override and serve specific assets for Authelia from a specified path. All assets that can be overridden must be placed in the `asset_path`. The structure of this directory and the assets which @@ -98,7 +86,7 @@ can be overridden is documented in the On startup Authelia checks for the existence of /app/healthcheck.sh and /app/.healthcheck.env and if both of these exist it writes the configuration vars for the healthcheck to the /app/.healthcheck.env file. In instances where this is not -desirable it's possible to disable these interactions entirely. +desirable, it's possible to disable these interactions entirely. An example situation where this is the case is in Kubernetes when set security policies that prevent writing to the ephemeral storage of a container or just don't want to enable the internal health check. @@ -147,8 +135,8 @@ or intermediate certificates. If no item is provided mutual TLS is disabled. {{< confkey type="string" required="no" >}} This customizes the value of the Content-Security-Policy header. It will replace all instances of the below placeholder -with the nonce value of the Authelia react bundle. This is an advanced option to customize and you should do sufficient -research about how browsers utilize and understand this header before attempting to customize it. +with the nonce value of the Authelia react bundle. This is an advanced option to customize, and you should do +sufficient research about how browsers utilize and understand this header before attempting to customize it. {{< csp >}} 
@@ -195,10 +183,10 @@ Generally this does not need to be configured for most use cases. See the ### Buffer Sizes The read and write buffer sizes generally should be the same. This is because when Authelia verifies -if the user is authorized to visit a URL, it also sends back nearly the same size response as the request. However +if the user is authorized to visit a URL, it also sends back nearly the same size response as the request. However, you're able to tune these individually depending on your needs. ### Asset Overrides -If replacing the Logo for your Authelia portal it is recommended to upload a transparent PNG of your desired logo. +If replacing the Logo for your Authelia portal, it is recommended to upload a transparent PNG of your desired logo. Authelia will automatically resize the logo to an appropriate size to present in the frontend. |
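Review bot: In the example configuration of server-endpoints-authz.md (hunk `@@ -26,16 +26,22 @@`), the `schemes` lists added under `forward-auth`, `ext-authz` and `auth-request` all contain only `'Basic'`, which the new `schemes` section gives as the default, so the example does not show what the key changes. Either mark it as the default in a comment, or show one endpoint that also lists `'Bearer'`.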
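Review bot: In the new `#### schemes` section of server-endpoints-authz.md (hunk `@@ -80,3 +86,11 @@`), the text says the option is only applicable to the three header strategies and unavailable with the `legacy` endpoint, but not what happens when `schemes` is set anyway on `CookieSession`, `HeaderLegacy` or under `legacy`: a validation error at startup, or a silently ignored key. Since this list decides which Authorization schemes an endpoint accepts, state that behaviour explicitly. Also say whether the values are case-sensitive, as the `name` paragraph just above does, and drop the comma in "Options are `Basic`, and `Bearer`".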
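Review bot: In the server.md example (hunk `@@ -39,19 +39,7 @@`), `authz: {}` replaces the four explicit endpoint entries, and the trailing comment names the "Server Authz Endpoints" guide without saying what an empty map means. From this line a reader cannot tell whether `{}` keeps the default endpoints or defines none; say which in the comment, and link the guide from the Options section if that link does not already exist (not visible in this hunk).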
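Review bot: In the healthcheck paragraph of server.md (hunk `@@ -98,7 +86,7 @@`), the change adds a comma to "desirable, it's possible" but leaves the following context sentence, "in Kubernetes when set security policies that prevent writing to the ephemeral storage of a container or just don't want to enable the internal health check", without a subject. Since the hunk already touches this paragraph's wording, fix that sentence too, for example "when you have set security policies that prevent ... or you just don't want to ...", and put `/app/healthcheck.sh` and `/app/.healthcheck.env` in code formatting.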
